Method and system for the authorised decoding of encoded data

ABSTRACT

The present invention relates to a method and a system for authorized decryption of encrypted data. First, the encrypted data is provided. Then the validity of at least two certificates is verified. If the validity check is positive, a key is provided, which can be used to decrypt the encrypted data.

FIELD OF INVENTION

The present invention relates to a method and a system for authorizeddecryption of encrypted data, particularly by means of certificates.

PRIOR ART

Due to its nature, electronic and digital data can, in principle, bereadily duplicated without restriction. Protecting the copyright of suchdata is therefore problematic because technical hurdles can often beovercome using relatively simple means, and because, as in the case ofDVD copy protection, means of by-passing such hurdles are even publishedon the Internet. Persons including the author, publishers, and producerson the other hand are interest in having data decrypted and used only byauthorized persons (e.g. against payment).

The object of the present invention therefore is to provide a method anda system for authorized decryption of encrypted data, which preventseasy, unauthorized copying of data while at the same time allowing easyuser handling.

DESCRIPTION OF INVENTION

This object is achieved by the method according to claim 1 and thesystem according to claim 14.

According to the method, encrypted data is provided. If at least twocertificates are valid, a key is supplied with which the data isdecrypted. This method has the benefit that the data can be distributedusing open communication channels. This way, the distribution and salesof the data, the acquisition of the right to decrypt and use such data,and the actual decryption and the use of same can be performedindependent of each other. The use of at least two certificates providessecure and efficient prevention against unauthorized copying of data.

The terms key and certificate are used in a cryptographic sense. A keyis used to transform plaintext to ciphertext, and ciphertext toplaintext. Plaintext is not necessarily human-readable text, butdirectly useable data, for example, text data or visual data, a computerprogram, a playable audio or video file or the like. Encryption anddecryption performed with the same key is called symmetrical encryption,while the opposite is called asymmetrical encryption. One example of thelatter are public-key encryption methods where one “public key” ispublic, i.e. readily available. The counterpart is the “private key”,which is known only to a limited number of people, possibly only to oneperson. A certificate can be used to identify a person or data. It cancontain one or more keys and the permission/authorization to access anduse certain data or devices. Certificates can have a time-stampedvalidity.

The data is electronic data, for example audio or video data, text-baseddocuments or computer programs. It can exist in analog or digital formatand can be stored on any storage medium. The storage medium may bedirectly accessible, such as memory on a LAN (server, network attachedstorage, etc.), Internet server memory, portable memory, memory in areading device/drive (for example diskettes, CD-ROM). The data isprovided by a publisher or supplier, for instance an author/originator,producer, publisher, distributor or seller.

The data is preferably encrypted symmetrically. In contrast to othermethods, the data can be stored in standard file formats and does notrequire special “security containers” using proprietary or even secretformats.

In a preferred embodiment, the key is provided by having it determined,for example calculated, by at least two certificates. If the data hasbeen encrypted for a specific user with said user's public key, the keycan also be calculated using the private key of said user. The key mayalso be determined by an additional certificate of the publisher of thedata.

As an preferred alternative, the key is provided over a data, telephone,or radio network, whereby it can exist already or it can be created ondemand. Storage or creation can be handled by a system of the dataissuer. The key can be determined with the issuer's private key and ispreferably provided in encrypted format. Encryption can be asymmetricand can, for example, be performed with the public key of the user. Thepublic key can be contained in the user certificate. Using public-keyencryption solves the distribution of keys. When the key has beenprovided it can be stored by the user to a storage unit.

Further to the encrypted data, additional information is preferablyprovided. It can be used to identify the encrypted data without ithaving to be decrypted and it can contain an indicator of the content(e.g. serial number) and/or the issuer (e.g. certificate, URL).

Apart from the encrypted data, additional information can be providedwhich can be used to furnish the key for the encrypted data. Thisinformation can be encrypted with the private key of the issuer. Shouldit not be possible to supply the key with the said additionalinformation, new additional information can be supplied with or withouta new encrypted file.

Advantageously, in addition to the encrypted data, further informationis provided which contains parts of the encrypted data in unencryptedform. This so-called teaser can serve marketing purposes. It can be usedwithout decryption, for example, it may be executable as a program.

In order to obviate attempts of fraud, the additional information can becryptographically secured, i.e. encrypted and/or digitally signed by theissuer. It can have the format of a certificate.

Advantageously, the minimum of two certificates include attribute and/oruser certificates. Where two certificates are used these can be anattribute and a user certificate or two attribute certificates or twouser certificates. A user certificate helps to identify the users. Theseinclude, for example, natural persons, legal persons, or devices likedata processing equipment. The certificate contains relevant informationlike name, email address or identification number/serial number. Thepermission/authorization to use certain data can be stored in anattribute certificate, which is specific to selected data or bulk data.The attribute certificate can be user-specific. It can containrestrictions regarding place, time, user devices (e.g. data processingequipment and play-back units) or other characteristics. In comparisonwith other methods, the use of attribute certificates ensuresportability of data use. The permission to use content is not given to aparticular machine or software, but can actually be assigned to a personor a portable device like a chip card.

The use of standards averts the need for what are normally less testedproprietary methods. Because of its nature, the attribute certificatedoes not have to be kept secret and can be published on storage servicesavailable on the Internet. Thus, loss can be avoided and a certificaterecovery can be ensured by simple mechanisms. This applies in particularwhere an attribute certificate granting permission is not based on thepublic key of the user but on his or her identity (e.g. “distinguishedname” of the certificate).

The validity check of the minimum two certificates is preferably carriedout in a data processing device of the certificate issuer.Alternatively, it can be performed by the user or a third party (e.g. atrust center). The validity can also be checked using additionalinformation assigned to the data. Particularly if the validity is notchecked by the issuer, it is advantageous to include furthercertificates like the issuer certificate in the validity check. Thevalidity can be verified in various steps: The validity of theindividual certificates is verified. It can also be verified if thecertificates match one another and if they possibly match any additionalinformation assigned to the data. Should the validity check yield anegative result, for example, if one of the certificates has expired,the user can be issued a new certificate or the certificate can beupdated.

It is advantageous to check the validity of the minimum two certificatesin a portable data processing device, particularly a Notebook,electronic organizer or mobile phone.

After decryption, the data may be stored. To avoid unauthorized copying,further use of the data may preferably be direct.

An advantageous method for an authorized execution of an encrypted dataprocessing program comprises the following steps: Decryption of theencrypted data processing program using one of the abovementionedmethods, loading of the data processing program to the internal memoryof a data processing device, and execution of the data processingprogram by the data processing device. If the data processing program isdirectly loaded to an internal memory after decryption, the dataprocessing program does not need to be saved.

An advantageous method for an authorized play-back of encrypted acousticor optical data comprises the following steps: Decryption of theencrypted acoustic or optical data using one of the abovementionedmethods, forwarding the acoustic or optical data to the play-backdevice. The play-back devices include, for example, monitors, speakers,stereo systems, amplifiers, or electronic books. Advantageously, theplay-back devices allow for only one play-back and no direct copying ofthe data. The data can be forwarded in a streaming media format to theplay-back device.

Particularly during the play-back on portable play-back devices, savingthe content to the play-back device may be necessary, if no wirelessconnection is to be maintained continuously. In this case, the securitycan be ensued in different ways:

a) The play-back device itself allows for play-back of the content onlyand no replication or duplication. In this case, the decrypted contentcan be transferred to the device after it has been identified.

b) The play-back device has a secured cryptographic module. The contentcan be stored encrypted along with the key on the device.

c) The play-back device has a secured cryptographic module and thepossibility to store a special key. The data can then be transferredwith the special key and stored on the play-back device. To access anduse the data, it can be decrypted with the special key.

d) The play-back device has a secured cryptographic module and aconnection possibility for a cryptographic module. The data can then bestored along with the encrypted key on the play-back device. To use thedata, it is decrypted with the provided key.

Advantageously, if at least two certificates are valid, a key isprovided by means of a computer program which can be loaded directly orindirectly to the internal memory of a computer and which includes codedsegments that can provide a key if at least two certificates are valid.

A system for authorized decryption of encrypted data, particularly forperforming one of the methods mentioned above, contains a cryptographicmodule and at least one storage unit containing at least twocertificates. If the system comprises several storage units, the minimumtwo certificates can be stored in one or different storage units.

Preferably, the cryptographic module and/or the storage unit are locatedin secure data processing devices. These may be data processing deviceswhose cryptographic module and/or storage unit cannot be accessed(restricted/or fully) and controlled from outside the data processingdevice. Preferably, one or more cryptographic data processing devicesand data memories are used. The greater the damage which is expected toarise from a compromised function, the higher the security and theeffort needed to overcome this security function become. Thus, thesystem can benefit from the efficiency of inexpensive standardcomponents like personal computers and can have the security of specialitems such as chip cards and chip card readers.

It is advantageous if the system for authorized decryption of encrypteddata has the cryptographic module and at least one storage unit with atleast two certificates stored in a chip card. In this case,cryptographic functions including the decryption of the availableencrypted key can be performed in the chip card. Such a chip card can bea USB token.

In a system for authorized decryption of encrypted data it isadvantageous to use a chip card reader with memory and one storedcertificate. This can be a user certificate.

A chip card reader, which is paticularly used in a system for authorizeddecryption of encrypted data, preferably contains a cryptographicmodule. In this case, cryptographic functions can be performed in thechip card reader.

The following describes specific embodiment of the invention withreference to the attached drawings, which show in:

FIG. 1 a system for authorized decryption of encrypted data withplay-back devices,

FIG. 2 a background system, and

FIG. 3 an independent use.

FIG. 1 shows a system for authorized decryption of encrypted data withplay-back devices. A secure data processing device 11 (e.g. chip card)contains a memory 111. The secure data processing device is permanentlyor temporarily connected to a secure data processing device 12 (e.g.chip card reader, slide-in module, mobile telephone, computer mouse,keyboard, and remote control for electronic devices). The secure dataprocessing device 12 comprises a connection unit 121 for the connectionwith the secure data processing device 11, a storage unit 122, and acryptographic module 123. The communication between the secure dataprocessing devices 11 and 12 is cryptographically secured, e.g. bysecure messaging. The communication can be established by electroniccontacts, wireless, or over telecommunication channels.

The secure data processing device 12 is connected to a user or play-backdevice 141 and a data processing device 13. The data processing device13 can, for example, be integrated in a computer, a television, a stereosystem, a video system, an MP3 player, an eBook, a data terminal, a thinclient or a workstation. The data processing devices 12 and 13 cantogether be integrated in he same physical unit.

The data processing device 12 and/or the data processing device 13 canbe connected to a user or a play-back device 141, 142, such asloudspeakers, headset, monitor, television, stereo system, MP3 player,eBook, Internet applications, computer, organizer or PDA. Furthermore,the data processing device 13 has a permanent or temporary connection131 to a data, telephone or radio network.

The encrypted data and its additional information are stored on the dataprocessing device 13, an external storage medium, or can be accessed byLAN or WAN connection. The attribute certificate, which is specific tocertain data and the user, can be acquired by standard e-commercemethods. The user acquires an attribute certificate which is specific tothe user (user certificate) and to certain content, and which he/shestores in any memory. Alternatively, the user acquires a portablestorage medium or a portable data processing device, which has acertificate stored that is specific to the storage medium or the userand an attribute certificate that is specific to the content. Accordingto a further alternative, the user acquires a portable storage mediumcontaining the attribute certificate.

The attribute certificate can be saved to a repository, which mayalready contain other attribute certificates of the user. The repositorycan be located on one of the data processing devices 11, 12 or 13, orany place on the WAN or Internet. From a cryptographic perspective it ispublic. The data processing device 11 or 12 contains the usercertificate.

FIG. 2 shows a checkpoint 21 for verifying the validity of thecertificates. From data processing device (e.g. data processing devices11,12 or 13 in FIG. 1) user and attribute certificates and additionalinformation are sent to the checkpoint 21 (e.g. issuer, trust center)over a data or telephone network 22 and saved to a storage unit 211. Thecheckpoint verifies the validity of each certificate and checks if theymatch. If the verification is positive, a key is provided. If the keyembedded in encrypted form in the additional information, it isdecrypted using the cryptographic module 212. According to anothermethod, the key is computed from the additional information. If thecertificates have expired, a new encrypted file is sent to the userand/or the certificate is updated.

The key is encrypted by the cryptographic module 212 using the publickey of the user certificate and is sent to the user. Additionalinformation, optionally signed by the issuer, can be appended to theencrypted key.

The encrypted key can be decrypted or calculated e.g. in the dataprocessing device 11 in FIG. 1 and transferred to the data processingdevice 12 in FIG. 1. If corresponding information is contained in theadditional information, the key can be permanently or temporarily savedto the data processing device 12 in FIG. 1. This means that it does nothave to be obtained again for repeated decryption.

An unsecure data processing device (e.g. data processing device 13 inFIG. 1) sends the encrypted data as a data stream to a secure dataprocessing device (e.g. data processing device 12 in FIG. 1). Here, thedata is decrypted and the data stream is either sent back to theunsecure data processing device or directly to the play-back device(e.g. play-black device 141 in FIG. 1). If the data is a computerprogram, it can be loaded to the unsecure data processing device andexecuted.

According to a an embodiment not presented, the validity check can alsobe performed in a data processing device located on the user side (e.g.secure data processing device 11 or 12 or unsecure data processingdevice 13 in FIG. 1). If the check yields a positive result, the key canbe calculated in one of the data processing devices (preferably a securedevice). Alternatively, the key can also be requested over a data ortelephone network. The key can be sent either encrypted (e.g. publickey) or unencrypted.

A particular embodiment of a play-back device 31 is shown in FIG. 3. Ithas a connection 32 to a data processing device and consists of astorage unit 312, a cryptographic module 311, and an integratedplay-back device 33. The connection of an external play-back device 33is optional. In this case, the encrypted data and the key can be savedtogether in the play-back device. The data is then decrypted on demand.

1. Method for authorized decryption of encrypted data with theassistance of a minimum of two certificates in the following order: a)Provision of encrypted data b) Provision of a key, if the validity ofthe two certificates has been verified c) Decryption of the data usingthe key
 2. Method according to claim 1 in which the key is providedafter having been determined with the help of the minimum twocertificates.
 3. Method according to claim 1 in which the key isprovided over a data, telephone, or radio network.
 4. Method accordingto claim 3, in which the key is provided in encrypted form.
 5. Methodaccording to claim 1, in which apart from the encrypted data additionalinformation is provided to identify the encrypted data without the needfor decryption.
 6. Method according to claim 1, in which apart from theencrypted data additional information is provided to procure the key fordecrypting the encrypted data.
 7. Method according to claim 1, in whichapart from the encrypted data additional information is provided whichcontains some of the encrypted data in unencrypted form.
 8. Methodaccording to claim 1 in which the minimum two certificates compriseattribute and/or user certificates.
 9. Method according to claim 1, inwhich the validity of the minimum two certificates is verified in a dataprocessing device of an issuer or a user.
 10. Method according to claim1, in which the validity is verified in a portable data processingdevice, particularly a notebook, an electronic organizer or a mobilephone.
 11. Method for an authorized execution of an encrypted dataprocessing program in the following steps: a) Decryption of theencrypted data processing program using methods according to claim
 1. b)Loading of the data processing program to the main memory of a dataprocessing device. c) Execution of the data processing program by thedata processing device.
 12. Method for an authorized play-back ofencrypted acoustic and optical data in the following steps: a)Decryption of the encrypted acoustic and optical data using the methodaccording to claim
 1. b) Forwarding of the acoustic and optical data toa play-back device.
 13. Computer program product, which can be directlyor indirectly connected to the main memory of a computer and whichconsist of coded segments that provide a key if a minimum of twocertificates are valid according to step c) of the method of claim 1.14. System for authorized decryption of encrypted data, in particularfor performing the method claim 1 with a cryptographic module and atleast one storage unit with a minimum of two stored certificates. 15.System according to claim 14, in which the cryptographic module and theminimum of one storage unit with at least two stored certificates areintended for a chip card.
 16. Chip card reader, in particular for use ina system for authorized decryption of encrypted data according to claim14 with a storage unit containing one certificate.
 17. Chip card reader,in particular for use in a system for authorized decryption of encrypteddata according to claims 14 with a cryptographic module.